exit; } else { if ($_REQUEST['domain_mode'] == 'change_owner_now') { // CHANGE OWNERSHIP // make sure the email addresses are in in the database $owner_id = get_cid(strtolower($_REQUEST['email_address'])); $q = "select 'Email' from accounts where cid='{$owner_id}'"; $stmt = $pdo->query($q) or die(print_r($pdo->errorInfo())); if ($stmt->rowCount() == 0) { set_msg_err("Error: " . $_REQUEST['email_address'] . " is not in the database"); $smarty->display('header.tpl'); $smarty->display('footer.tpl'); exit; } if ($user_info['Account_Type'] == 'senior_admin' && isset($_REQUEST['group_email_address']) && $_REQUEST['group_email_address'] != '') { $group_owner_id = get_cid(strtolower($_REQUEST['group_email_address'])); $q = "select 'Email' from accounts where cid='{$group_owner_id}' and Account_Type='group_admin'"; $stmt = $pdo->query($q) or die(print_r($pdo->errorInfo())); if ($stmt->rowCount() == 0) { set_msg_err("Error: " . $_REQUEST['group_email_address'] . " is not in the database, or their Account_Type is not 'group_admin'"); $smarty->display('header.tpl'); require 'src/change_owner.php'; $smarty->display('footer.tpl'); exit; } $change_group = 1; } $q = "update domains set owner_id='{$owner_id}'"; if ($change_group == 1) { $q .= ", group_owner_id = '{$group_owner_id}'"; }
// Check data require 'src/check_account_data.php'; // Update records $q = "update accounts set "; if (isset($new_gid) && $new_gid != NULL) { $q .= "gid='{$new_gid}', "; } $q .= "\n\n First_Name='" . mysql_escape_string($_REQUEST['first_name']) . "',\n Last_Name='" . mysql_escape_string($_REQUEST['last_name']) . "',\n Phone='" . mysql_escape_string($_REQUEST['phone']) . "',\n Email='" . mysql_escape_string(strtolower($_REQUEST['email_address'])) . "'"; if ($_REQUEST['password'] != "") { $q .= ", Password='******'password']) . "'"; } if ($user_info['Account_Type'] == 'senior_admin') { $q .= ", Account_Type='" . $_REQUEST['account_type'] . "'"; $q .= ", Status='" . $_REQUEST['status'] . "'"; } $q .= " where cid='" . get_cid($account_info['Email']) . "'"; mysql_query($q) or die(mysql_error()); // Update email in active sessions if necessary if ($account_info['Email'] != strtolower($_REQUEST['email_address'])) { $q = "update active_sessions set Email='" . strtolower($_REQUEST['email_address']) . "' where Email='" . $account_info['Email'] . "'"; mysql_query($q) or die(mysql_error()); } set_msg("Account edited successfully"); header("Location: {$base_url}"); exit; } else { if ($_REQUEST['user_mode'] == 'add_account') { // Make sure this is a senior admin if ($user_info['Account_Type'] != 'senior_admin' && $user_info['Account_Type'] != 'group_admin') { set_msg_err("Error: you do not have the rights to add a user"); $smarty->display('header.tpl');
} if (!check_email_format($_REQUEST['email_address'])) { set_msg_err("Error: invalid email address"); $smarty->display('header.tpl'); require 'src/account_form.php'; $smarty->display('footer.tpl'); exit; } // If the email address is changing, check that it's not already in use if ($account_info['Email'] != strtolower($_REQUEST['email_address'])) { $q = mysql_query("select Email from accounts where Email='" . mysql_escape_string(strtolower($_REQUEST['email_address'])) . "'"); $email_rows = mysql_num_rows($q); if ($email_rows > 0) { set_msg_err("Error: email address already in use"); $smarty->display('header.tpl'); require 'src/account_form.php'; $smarty->display('footer.tpl'); exit; } } if ($_REQUEST['password'] != $_REQUEST['password2']) { set_msg_err("Error: passwords do not match"); $smarty->display('header.tpl'); require 'src/account_form.php'; $smarty->display('footer.tpl'); exit; } // group owner change stuff if ($user_info['Account_Type'] == 'senior_admin' && strlen($_REQUEST['group_email_address']) > 0) { $new_gid = get_cid($_REQUEST['group_email_address']); }